Better fix for empty password / salt

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Paul Elliott 2021-11-18 14:02:21 +00:00
parent a59cc3dbc7
commit 7412eb4bc2


@ -244,8 +244,6 @@ static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
data_len -= use_len; data_len -= use_len;
} }
} }
else
memset( data, 0, data_len );
} }
int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
@ -258,9 +256,12 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
unsigned char diversifier[128]; unsigned char diversifier[128];
unsigned char salt_block[128], pwd_block[128], hash_block[128]; unsigned char salt_block[128], pwd_block[128], hash_block[128];
unsigned char empty_string[2] = { 0, 0 };
unsigned char hash_output[MBEDTLS_MD_MAX_SIZE]; unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
unsigned char *p; unsigned char *p;
unsigned char c; unsigned char c;
int use_password = 0;
int use_salt = 0;
size_t hlen, use_len, v, i; size_t hlen, use_len, v, i;
@ -274,6 +275,12 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
if( pwd == NULL && pwdlen != 0 ) if( pwd == NULL && pwdlen != 0 )
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
if( salt == NULL && saltlen != 0 )
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
use_password = ( pwd && pwdlen != 0 );
use_salt = ( salt && saltlen != 0 );
md_info = mbedtls_md_info_from_type( md_type ); md_info = mbedtls_md_info_from_type( md_type );
if( md_info == NULL ) if( md_info == NULL )
return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
@ -291,8 +298,15 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
memset( diversifier, (unsigned char) id, v ); memset( diversifier, (unsigned char) id, v );
pkcs12_fill_buffer( salt_block, v, salt, saltlen ); if( use_salt != 0 )
pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen ); {
pkcs12_fill_buffer( salt_block, v, salt, saltlen );
}
if( use_password != 0 )
{
pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
}
p = data; p = data;
while( datalen > 0 ) while( datalen > 0 )
@ -304,11 +318,29 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 ) if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
goto exit; goto exit;
if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 ) if( use_salt != 0 )
goto exit; {
if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v )) != 0 )
goto exit;
}
else
{
if( ( ret = mbedtls_md_update( &md_ctx, empty_string,
sizeof( empty_string ) )) != 0 )
goto exit;
}
if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 ) if( use_password != 0)
goto exit; {
if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v )) != 0 )
goto exit;
}
else
{
if( ( ret = mbedtls_md_update( &md_ctx, empty_string,
sizeof( empty_string ) )) != 0 )
goto exit;
}
if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 ) if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
goto exit; goto exit;
@ -336,22 +368,28 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
if( ++hash_block[i - 1] != 0 ) if( ++hash_block[i - 1] != 0 )
break; break;
// salt_block += B if( use_salt != 0 )
c = 0;
for( i = v; i > 0; i-- )
{ {
j = salt_block[i - 1] + hash_block[i - 1] + c; // salt_block += B
c = MBEDTLS_BYTE_1( j ); c = 0;
salt_block[i - 1] = MBEDTLS_BYTE_0( j ); for( i = v; i > 0; i-- )
{
j = salt_block[i - 1] + hash_block[i - 1] + c;
c = MBEDTLS_BYTE_1( j );
salt_block[i - 1] = MBEDTLS_BYTE_0( j );
}
} }
// pwd_block += B if( use_password != 0 )
c = 0;
for( i = v; i > 0; i-- )
{ {
j = pwd_block[i - 1] + hash_block[i - 1] + c; // pwd_block += B
c = MBEDTLS_BYTE_1( j ); c = 0;
pwd_block[i - 1] = MBEDTLS_BYTE_0( j ); for( i = v; i > 0; i-- )
{
j = pwd_block[i - 1] + hash_block[i - 1] + c;
c = MBEDTLS_BYTE_1( j );
pwd_block[i - 1] = MBEDTLS_BYTE_0( j );
}
} }
} }
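Review bot: The two `else` branches in the hash step (the `mbedtls_md_update( &md_ctx, empty_string, sizeof( empty_string ) )` calls) feed two zero bytes into the digest whenever the salt or the password is absent, which does not look like what RFC 7292 appendix B.2 specifies: there an empty salt or password makes S or P the empty string, so it contributes nothing to the hash input. If that reading is right, keys and MAC keys derived with a zero-length salt or password will not match other PKCS#12 implementations, and the failure shows up only as a bad decrypt or a MAC mismatch. I would drop both `else` branches and the `empty_string` local so the update is simply skipped, e.g. `if( use_salt != 0 && ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 ) goto exit;`, and add a known-answer test with an empty salt and an empty password generated by an independent implementation. The body of mbedtls_pkcs12_derivation starts and ends outside the visible hunks, so the cleanup at `exit` is not reviewed here.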